Content Tagged with Site + tools

introduction to svcrack

The purpose of svcrack is very straightforward. This tool will launch a password guessing attack against extensions on the SIP registrar. Attackers will be after your SIP passwords because such knowledge allows them to:
  • Get free long distance calls
  • Hijack and spoof phone calls
  • Eat your spaghetti
The most obvious and damaging problem is toll fraud. Traditionally phone phreaks enjoyed free calls by abusing security flaws within the phone company's system as well as private companies' PABXs. By gaining access to an extension line which can make international calls, an attacker will be able to run up large bills on the victim's account. On the other hand, the social engineering aspect should not be underestimated. Social engineering can be a very effective and reliable method that allows hackers to pull off some of the most interesting (sometimes amusing) attacks ever. From ordering free pizza as someone else, to hijacking the help desk's number and then asking for users' passwords, such attacks rely on human nature and can probably never be totally prevented.

This is how svcrack works:
  1. It starts sending REGISTER requests to register a specific extension line.
  2. In the meantime, the SIP server starts responding back asking for authentication.
  3. The response also contains a nonce, which is a unique number or bit string that should only be used once. This nonce is used as the challenge in the challenge-response mechanism.
  4. Svcrack uses the nonce and other properties to compute the challenge response, then sends that back to the server.

Svcrack will repeat the above procedure until the password gets cracked and an OK message is received, or until there are no more passwords to try.

During testing, we were able to run speeds up to 80 passwords per second - that is 6,912,000 passwords a day. These numbers are dependent on the SIP registrar and of course, on a real network, latency and other factors will seriously affect these results. Some registrars allow the attacker to reuse the nonce. This makes the registrar servers vulnerable to replay attacks. This feature is also useful during password cracking, since it can make the process faster. In fact, svcrack has an option which allows auditors to exploit this feature and possibly achieve faster speed.

sipvicious: SIPVicious Feed

Wiki updates

We've updated some pages on the wiki:
  • Usage of svmap and svwar with examples on how to use each option
  • Mentions of sipvicious on various media are now being cataloged
  • A Getting Started document - a step-by-step how-to for newbies and the rest of us ;)
  • The FAQ page has been updated to include a disclaimer-like answer to the question: "Why did you publish tools that can be used for illegal purposes?"
  • To do list has been updated with some excellent suggestions from sipvicious users.

sipvicious: SIPVicious Feed

On reporting bugs and recent bug fixes

Fixed a couple of bugs in the svn version. For more information check out the Changelog file.

To report any crashes (unhandled exceptions) that you may get, you may make use of the -R or --reportback option. This handles sending the bug report and, if you update to the svn version, allows you to include an optional message and email address.

$ ./svreport somehost.com -R


If the bug is not a crash, you may still contact the author through email, or open an issue.
To update to the latest version, simply run "svn update" in the sipvicious directory if you are on a system with subversion installed (typically Linux or Unix machines).

$ svn update

sipvicious: SIPVicious Feed

SIPVicious 0.2 released

After much bug fixing and feature creeping ... we announce SIPVicious tool suite 0.2!

Tarball download
Zip file download

Notable features include:
  • Session support which allows you to resume previous scans as well as store the results in database format
  • Exporting of previous results to various formats: pdf, xml (html), csv and plain text
  • Easy updating by making use of subversion (svn update)
  • Better UI, more intuitive help, clean output and more debug info when needed
  • And my favorite feature: random scanning techniques
I also uploaded a screencast and tutorial on how to use SIPVicious tools to crack an extension on an Asterisk box here. Enjoy

sipvicious: SIPVicious Feed

SIPVicious tools in the works

Been working on more features with regards to svmap. Some of these features will find their way into svwar and svcrack as well in the next release version. So what are the features of interest?
  • Svmap is now session based. This allows us to have the following features:
    • You may stop a current scan, go have a coffee and resume it later.
    • If the power cuts, a natural disaster occurs or anything bad happens, you can resume your scan later because of the autosave feature, provided you survived the accident.
    • Results are now stored in BSD database form. Svreport.py comes in quite handy .. more on this below.
  • You can now pass various types of host ranges to svmap, depending on your (bad) taste and habits. Examples:
    • 1.1.1.1-20 1.1.2-4.1-10
    • 1.1.1.*
    • 1.1.1.1-1.1.2.20
    • sipvicious.org/22
    • 10.0.0.1/24
    • sipvicious.org
  • Random scans. Two kinds of random scans:
    • Internet random - you don't pass svmap any host/ip ranges. It scans the IPs randomly, avoiding those that belong to private networks or reserved address space
    • Random targeted scan. You pass a range of hosts/ips and they are scanned randomly instead of sequentially.
  • Output to an ASCII table when the scan is complete. If you need to see the results instantly, then the verbose option is your friend. Double verbose gives out a lot of debug information.
  • Lots of bug fixes, optimizations and cleaning up ;)
Earlier I mentioned svreport.py, which is a new script that will soon be added to the suite. It will grab previous sessions from SIPVicious tools and export them to the following formats:
  • PDF - Portable Document Format
  • XML - Extensible Markup Language
  • CSV - Comma delimited files
  • Text - Human friendly format
That's all for now. If you're curious check out the svn repository. Otherwise version 0.2 is on the way.

sipvicious: SIPVicious Feed

Updates to SIPVicious tools

In the past two days I've been busy working on updates for SIPVicious tools:
  • Scanning a large number of hosts does not take long to start anymore
  • Fixed a few bugs / unhandled exceptions
  • we're doing 160 hosts per second now :)
  • updated user documentation for svmap
  • added some switches to svmap:
    • Verbose. The more of these you add, the more debug information you get. -vvv for ub3r super debug info.
    • Binding ip -b. This allows you to specify an IP address to bind to. By default it binds to all IP addresses.
    • External IP -x. Allows you to specify your external IP address. Use this when you're behind NAT and / or have multiple network interfaces on the host.
Currently SIPVicious tools only support UDP. I hope to integrate TCP and TLS later on though not too soon. Any feedback is welcome. If you want to take a look .. look no further than the svn repository ;-)

sipvicious: SIPVicious Feed

Win-Get

win-get is an automated install system and software repository for Microsoft Windows written in pascal (for the command line client) and php for the online repository. The ideas for its creation come from apt-get and other related tools for the *nix platf

opensource: del.icio.us tag/opensource

NetBeans

All the tools software developers need to create cross-platform Java desktop, enterprise and web applications. Runs on Windows, Linux, MacOS, as well as Solaris. It is easy to install and use, works right out of the box -- and it is open-source and free!

opensource: del.icio.us tag/opensource

Checkstyle

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enfor

Eclipse: del.icio.us/tag/eclipse

ClickHeat | Clicks heatmap

A heatmap tool for tracking website clicks

opensource: del.icio.us tag/opensource

Acceleo: MDA generator

Acceleo is a code generator that transforms models into code (MDA approach). Acceleo is simple to use and comes with ready-to-use generators (JEE, .Net, Php...) and generation template editors for Eclip

Eclipse: del.icio.us/tag/eclipse

USVN

Userfriendly SVN is based on a web interface and allows you to configure your subversion repositories. This interface allows you to create new projects without the command line interface, that is, without privileged access on the server. Then USVN wil

opensource: del.icio.us tag/opensource
